How secure is your mail server? Is it possible for other people to send mails from your domain?
First of all, we need to establish some basic knowledge about e-mail protocols:
What is the difference between a mail server and an e-mail client program, and how do they work together?
A mail server is an intermediary that helps you send messages to other people. An e-mail client program reads and writes these messages. Examples of e-mail client programs include 4D WebMail, Eudora, MailSmith, Netscape Messenger, Microsoft Entourage and Microsoft Outlook (Express).
What does SMTP mean?
SMTP (Simple Mail Transfer Protocol) is a protocol for sending e-mail messages between servers. A standard SMTP server sends messages via the most direct route available to the recipients’ mail servers and receives messages from other servers. SMTP servers do not “log in” to retrieve messages; they simply wait for messages to come to them. When an administrator sets up a mail server, he creates an MX (mail exchange) record in his DNS zone to indicate which computer in his network is the mail server for the domain (the part of an address to the right of the @). The name to the left of the @ indicates the name of a user’s mailbox (or an alias for the mailbox) on that mail server.
What does POP3 mean?
POP3 (Post Office Protocol) is a protocol that allows e-mail client programs (also known as POP3 clients) to log in and download messages from the mail server. The user then reads the messages and replies, and the e-mail program uses the SMTP protocol to send the messages back out through the server. Some mail servers also support APOP (Authenticated Post Office Protocol) or Kerberos, which use a secret passphrase system to identify each client for security.
What does IMAP4 mean?
IMAP4 (Internet Mail Access Protocol 4) allows users to read their mail on the server and only download messages and attachments to a local machine when appropriate. Its main advantage is that the user can see all the message headers at a glance, and open only those which are interesting. This saves significant download time, especially if users often forward or delete messages without reading them.
What is WebMail?
Several Internet Service Providers (ISPs) and portals don’t allow POP or IMAP connections to the mailboxes (e-mail accounts) on their servers. Instead, these companies offer a web interface (HTML) to the mailbox contents. Most webmail systems are quite limited in their functionality and are slower than a real e-mail program on the local computer. All messages are stored on the server and only displayed on the PC, never transferred to it. Webmail is only recommended for casual use. Any commercial use of e-mail should be done through a traditional e-mail client or workgroup package.
What’s more?
Nowadays, a large part of Internet messages consists of unsolicited commercial e-mail (UCE), also called SPAM. There are many interest groups which fight spam and create lists of known spammers. Those lists can be dynamically loaded into a mail server. This kind of filtering is quite controversial as it might also block legitimate mail.
In order to limit the SPAM on the Internet, every mail administrator or postmaster should limit access to their SMTP mail servers to only those people who really need that server to send out messages. This is called a closed relay. Open relays are accessible by everybody and are often misused to send out UCE. Make sure that your mail server allows people on your internal network to send out messages, and only open it up to the external Internet for those people (domain names, IP numbers) who really need to have access. One of the most common systems is called POP-before-SMTP. This means that a person who would like to send out e-mails through your SMTP server needs to have an e-mail account on that server. Before the SMTP connection can be opened, the user must check his/her e-mail on that server, which then grants access to the SMTP function as well (typically from the same IP address, for a limited time).
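The relay rules described above, as an added example that is not code from the article or from any particular mail server product: a small relay policy that accepts mail for local domains, lets the internal network and a short list of authorized external hosts relay, and grants everyone else relay access only for a limited window after a successful POP3 login (POP-before-SMTP). The networks, hosts, domain and 30-minute window are constructed sample values, and the client sessions in `demo()` are constructed as well.

```python
import ipaddress
import time

# Constructed sample configuration (assumptions, not from the article).
INTERNAL_NETWORKS = [ipaddress.ip_network("192.168.10.0/24")]   # the office LAN
EXTERNAL_RELAY_HOSTS = {ipaddress.ip_address("203.0.113.7")}    # e.g. a branch office
LOCAL_DOMAINS = {"example.com"}                                 # domains we deliver for
POP_GRACE_SECONDS = 30 * 60                                     # POP-before-SMTP window


class RelayPolicy:
    """Decides whether an SMTP client may relay a message to a non-local recipient."""

    def __init__(self, now=time.time):
        self._now = now            # injectable clock so the window can be tested
        self._pop_logins = {}      # client IP -> time of last successful POP3 login

    def record_pop_login(self, client_ip):
        """Called by the POP3 server after a successful USER/PASS or APOP login."""
        self._pop_logins[ipaddress.ip_address(client_ip)] = self._now()

    def may_relay(self, client_ip, rcpt_to):
        """Return (allowed, reason) for one RCPT TO address from one client."""
        ip = ipaddress.ip_address(client_ip)
        domain = rcpt_to.rsplit("@", 1)[-1].lower()
        # Mail addressed to our own domains is delivery, not relaying: always accepted.
        if domain in LOCAL_DOMAINS:
            return True, "local delivery"
        if any(ip in net for net in INTERNAL_NETWORKS):
            return True, "internal network"
        if ip in EXTERNAL_RELAY_HOSTS:
            return True, "authorized external host"
        # POP-before-SMTP: a recent POP3 login from this address unlocks relaying.
        last = self._pop_logins.get(ip)
        if last is not None and self._now() - last <= POP_GRACE_SECONDS:
            return True, "POP-before-SMTP"
        # Everyone else is refused, which is what makes this a closed relay.
        return False, "relay denied"


def rcpt_reply(policy, client_ip, rcpt_to):
    """Map the policy decision to the SMTP reply sent in response to RCPT TO."""
    allowed, reason = policy.may_relay(client_ip, rcpt_to)
    if allowed:
        return "250 2.1.5 OK (%s)" % reason
    return "554 5.7.1 <%s>: Relay access denied" % rcpt_to


def demo():
    """Run a few constructed client sessions and return (client, recipient, reply)."""
    clock = [1_000_000.0]
    policy = RelayPolicy(now=lambda: clock[0])
    results = []

    def session(client_ip, rcpt_to):
        results.append((client_ip, rcpt_to, rcpt_reply(policy, client_ip, rcpt_to)))

    session("192.168.10.42", "friend@partner.example")     # LAN user: may relay
    session("198.51.100.9", "someone@elsewhere.example")   # unknown host: refused
    session("198.51.100.9", "sales@example.com")           # mail for us: accepted
    session("203.0.113.7", "friend@partner.example")       # listed host: may relay
    policy.record_pop_login("198.51.100.77")               # roaming user checks mail
    session("198.51.100.77", "friend@partner.example")     # inside the window: ok
    clock[0] += POP_GRACE_SECONDS + 1                       # window expires
    session("198.51.100.77", "friend@partner.example")     # afterwards: refused
    return results


if __name__ == "__main__":
    for client, rcpt, reply in demo():
        print("%-16s RCPT TO:<%s> -> %s" % (client, rcpt, reply))
```

Note that POP-before-SMTP grants access to an IP address, not to a user: anyone sharing that address (for example behind the same NAT gateway) can relay during the window, so the window should be short and the list of permanently authorized external hosts kept as small as possible.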
As long as there are open relays on the Internet, it will always be possible to forge an e-mail address of your company or organization and send out messages in your name without your authorization through those open relays. Many computer viruses (such as Klez.h and badtrans.b) which contain their own SMTP engine use this inappropriate method to confuse the recipients.
Therefore it’s imperative that you enforce your privacy policy and account privileges on your POP and SMTP servers. You wouldn’t want to open up the possibility that your competitors send out messages through your servers to ruin your reputation and have you put on the spammer blacklists.
Good starting points for learning more about securing your mail servers, granting access to SMTP and spam can be found online:
- Barracuda Networks – we’re using a Barracuda Spam Firewall 600 on our network (in front of our mail servers) to block spam messages and for virus protection.
- DNSStuff has lots of low-level tools to analyze your domain and check if you’re listed on more than 100 blacklists. It’s worth paying for the membership to get the full set of tools!
- SpamCop is a service often used to analyze spam and trace its origin. Getting on SpamCop’s blacklist can cause all kinds of problems for your legitimate newsletters and corporate messages. It also allows you to file a complaint with the spammer’s ISP.
- Coalition Against Unsolicited Commercial E-Mail provides lots of information and resources for fighting spam and how to prevent it.
- newsgroup discussing any mail-related abuse.
- MAPS Realtime Blackhole List is a system for creating intentional network outages for the purpose of limiting the transport of known-to-be-unwanted mass e-mail.
- O’Reilly and Associates publish a book covering sendmail, which is a popular SMTP server. There are many different SMTP servers for many platforms; however, sendmail is probably the best-known and most widely used.